mirror of https://github.com/github/codeql.git synced 2026-03-28 18:28:17 +01:00

Files

yh-semmle b8f53b5c6a Merge pull request #733 from aschackmull/java/remove-old-dataflow

Java: Remove old dataflow library.

2019-01-08 14:59:27 -05:00

Improvements to Java analysis

General improvements

Query	Tags	Purpose
Double-checked locking is not thread-safe (`java/unsafe-double-checked-locking`)	reliability, correctness, concurrency, external/cwe/cwe-609	Identifies wrong implementations of double-checked locking that does not use the `volatile` keyword.
Race condition in double-checked locking object initialization (`java/unsafe-double-checked-locking-init-order`)	reliability, correctness, concurrency, external/cwe/cwe-609	Identifies wrong implementations of double-checked locking that performs additional initialization after exposing the constructed object.

Query	Expected impact	Change
Result of multiplication cast to wider type (`java/integer-multiplication-cast-to-long`)	Fewer results	Results involving conversions to `float` or `double` are no longer reported, as they were almost exclusively false positives.

The deprecated library semmle.code.java.security.DataFlow has been removed. Improved data flow libraries have been available in semmle.code.java.dataflow.DataFlow, semmle.code.java.dataflow.TaintTracking, and semmle.code.java.dataflow.FlowSources since 1.16.